DNS on OPT1 Responds to Ping But Won't Load Webpages

The title says it all! This is a clean pfSense install, newest release, etc. The system is basically laid out like this:

em0: WAN
em1: LAN
opt1: GUEST LAN

I'm trying to create a subnet using a separate adapter (opt1) which will not allow any traffic to communicate with my internal LAN (em1). I followed this guide and got everything set up, but neither Capitve Portal or any other web page will load.

I am (of course) not able to ping anything because I haven't authenticated with captive portal!

Now, in order to debug this further, I disabled captive portal and cleared almost every rule I had set up. My rules for my interfaces are shown below.

I set up a rule which should allow opt1 to communicate on any protocol and I am now able to ping. When I try to load a webpage, nothing happens! DNS is correctly forwarded to the PC connected to opt1, but I cannot load any webpages using URLs. I am, however, able to ping websites directly!

Sure. If you go to Interfaces - WAN - Static IP4 Configuration, do you have a gateway listed in IPv4 Upstream Gateway? What kind of device is your pfSense box connected to for Internet access, eg cable modem, DSL modem… ? That device is your gateway (to the Internet or another network), and you need to supply its IP address to pfSense so that pfSense knows where to send traffic outside its local networks. If you don't have a gateway then you need to define one. Once done, go back to System - General Setup - DNS Servers and pick your gateway from the list beside your DNS entries. Click Save.

No, you don't remove the Google DNS from System - General - DNS Servers, you change the Use Gateway picker beside each DNS sever entry to pick your gateway. Right now you have it set to none for both 8.8.8.8 and 8.8.4.4.

Just a quick update.. I still can't get the system to forward anything other than ICMP requests, but I think I've found something else. It looks like for some reason pfSense is assigning the same adapter name (em0) to both my LAN and GUEST adapters! This would definitely explain what's going on! I'm going to try and find another adapter with a different chipset and report back!

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.